
Hash and Salt

Published by Rafeeque B Muhammad on Saturday, December 7, 2013 12:00 AM
Updated on Thursday, February 7, 2013 12:00 AM


Storing passwords in plain text in a database or file is not the correct approach; an attacker who gains access to the password store can recover them easily.

Hashes are one-way functions that generate a representation, usually a number, of the data put into them. If attackers know which hashing function you used, they can still find the actual password, for example by hashing candidate passwords and comparing the results with the stored hashes. Salting passwords addresses that problem.

A simple (non-cryptographic) illustration of hashing is converting all the characters in a string to their numeric values and XORing the binary representations of those values together.

A salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. A new salt is randomly generated for each password.

Different mechanisms can be used to choose the salt:

  • Always use a fixed salt string

  • Use a random piece of data for each password

  • Salt on metadata – a person's birthday can be used in this scenario. You can see this kind of mechanism implemented when opening a bank statement delivered as a PDF file.

What the salt does is effectively increase the amount of effort needed to break the password.

How to implement

  • Generate a random salt value

  • Concatenate the password and the salt

  • Hash the concatenated result (password + salt)

  • Store the hash and the salt (in db or file).

  • Implement password verification.

 
